﻿using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;  
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace Yuebon.IdentityServer
{
    public class Configs
    {
        /// <summary>
        /// 定义身份资源
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<IdentityResource> GetIdentityResourceResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(), //必须要添加，否则报无效的scope错误
                new IdentityResources.Profile()
            };
        }
        /// <summary>
        ///  定义api资源
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>
            {
                new ApiResource("YuebonWebApi", "Yuebon System Api")
            };
        }

        /// <summary>
        /// 定义客户端
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<Client> GetClients()
        {
            // client credentials client
            return new List<Client>
            {
                new Client
                {
                    ClientId = "client",//客户端的标识，要是惟一的
                    //授权方式，这里采用的是客户端认证模式，只要ClientId，以及ClientSecrets正确即可访问对应的AllowedScopes里面的api资源
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    AllowOfflineAccess=true,
                    AccessTokenLifetime =3600 * 2, //2小时
                    SlidingRefreshTokenLifetime=3600 * 2, //2小时
                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())
                    },//客户端密码，进行了加密
                    AllowedScopes = { "YuebonWebApi" }//定义这个客户端可以访问的APi资源数组，上面只有一个api
                },

                 //定义服务器端Web应用程序（例如MVC）以进行使用验证和授权的API访问
                new Client
                {
                    ClientId = "mvcauth.netcoremvc",
                    ClientName = "Mvc Client",
                    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
                    RequireConsent = true,
                    AllowOfflineAccess=true,
                    AccessTokenLifetime =3600 * 2, //2小时
                    SlidingRefreshTokenLifetime=3600 * 2, //2小时
                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())
                    },
                    RedirectUris = { "http://localhost:5002/signin-oidc" },
                    PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
                    //允许的范围
                    AllowedScopes = { "YuebonWebApi",
                        IdentityServerConstants.StandardScopes.OpenId, //必须要添加，否则报forbidden错误
                        IdentityServerConstants.StandardScopes.Profile
                    }
                },
                //定义基于浏览器的JavaScript客户端（例如SPA）进行用户认证和授权访问和API
                new Client
                {
                    ClientId = "jsauth.javascript",
                    ClientName = "JavaScript Client",
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowOfflineAccess=true,
                    AccessTokenLifetime =3600 * 2, //2小时
                    SlidingRefreshTokenLifetime=3600 * 2, //2小时
                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())
                    },
                    AllowedScopes = { "YuebonWebApi",
                        IdentityServerConstants.StandardScopes.OpenId, //必须要添加，否则报forbidden错误
                        IdentityServerConstants.StandardScopes.Profile
                    }
                }
            };
        }
    }
}
